lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <40649698.8060407@gentoo.org>
From: method at gentoo.org (Joshua Brindle)
Subject: Talk in #grsecurity

I was there and the conversation most certainly happened, in fact you 
can see when i joined in the pasted converstation.

The reason the conversation was posted is because this is full 
disclosure where I assume at least the majority of people actually 
believe in full disclosure and people keeping vulnerabilities secret 
isn't exactly kosher. This in particular is what i'm refering to

[22:40] <BlackNet> how many do you have that's not released?
[22:41] <spender> 2 for exec-shield
[22:41] <spender> 3 for systrace
[22:41] <spender> 1 for DTE
[22:41] <spender> ~10 for LIDS
[22:42] <BlackNet> that's alot
[22:42] <spender> oh
[22:42] <spender> 3 i think for linsec
[22:43] <BlackNet> all of these are non-reported?
[22:43] <spender> correct

So I ask grsecurity fans, why would you run the software of someone no 
better than the people trying to crack your machine? This is not 
responsible behaviour and shows a clear disregard for security and 
safety of others.

Joshua Brindle


andrewg@...net.au wrote:
> The point of the previous post was to point out that people shouldn't
> believe anything posted until other people in the conversation agree that
> it happened and/or make a statement about it.
> 
> --> http://www.angelfire.com/electronic/bodhidharma/mu.html
> 
> 
>>Just to let everyone know I am awaiting these exploits
>>to be released to the respected parties in due time or an apology for
>>falsifying these claims.
>>
>>Ed
> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ